This question already has answers here:
MySQL query not working while using php variable in where clause
(3 answers)
Closed 8 years ago.
I am new to php so hopefully someone could point out where i am going wrong
I have written a php code to fetch certain records from an MySQL database
I am running the query as
$result = mysql_query("SELECT * FROM Messages where Id='idLo'")
or die(mysql_error());
i get no results
but when i hard code like
$result = mysql_query("SELECT * FROM Messages where Id='4'")
or die(mysql_error());
It returns all the data
What am i misisng
i am collecting idLo as a get parameter
$idLo = $_GET['id'];
Your code needs to change to
$result = mysql_query("SELECT * FROM Messages where Id='$idLo'") or die(mysql_error());
From
$result = mysql_query("SELECT * FROM Messages where Id='idLo'") or die(mysql_error());
There is basic thing that in php every variable has dollar( $ ) sign that we need to use every time while using it.
Try this:
$result = mysql_query("SELECT * FROM Messages where Id='$idLo'");
you forgot $ in front of idLo in your query.
$result = mysql_query("SELECT * FROM Messages where Id='".$idLo."'");
should do it
It appears that you haven't included the "$" to signify that idlo is a variable:
where Id='idLo'
should be
where Id='$idLo'
Also, you might want to have a look into using PDO or Mysqli for accessing your mysql database through PHP.
you should user mysqli pr PDO by now. A bit better:
$result = $connection->query("SELECT * FROM Messages where Id='$id'");
also, check if Id is really with capital letters and add a dollar sign to the variable name.
$idLo = $_GET['id'];
$result = mysql_query("SELECT * FROM Messages where Id='$idLo'") or die(mysql_error());
Related
This question already has answers here:
How to insert values in a PHP array to a MySQL table?
(2 answers)
Closed 5 years ago.
I'm using PHP session variable to track character ID's between two tables, characters and character_data_store.
The session ID definitely has the correct ID as I have had to print its value before it goes into the mySQL query.
For testing I selected a user I knew had a rapsheet and used
$usersql = "SELECT *
FROM character_data_store
WHERE character_data_store.`key` = 'RapSheet'
AND character_data_store.character_id = '216'";
Obviously I can't use this for all users as I need to confirm the right one has been selected so thats where the session variable comes in.
I've tried using:
$correctPlayer = $_SESSION['selpid'];
echo $correctPlayer; #confirm it's the right id and then remove
$usersql = "SELECT *
FROM character_data_store
WHERE character_data_store.'key' = 'RapSheet'
AND character_data_store.character_id = '$correctPlayer'";
I did some searching on SO and I found that int's need to have double quotes around them not single quotes, I tried that and had no luck but someone else suggested putting the session ID in exactly which I tried next:
$usersql = "SELECT *
FROM character_data_store
WHERE character_data_store.'key' = 'RapSheet'
AND character_data_store.character_id = {$_SESSION['selpid']}";
Each time I do this I get mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given which SO tells me is because this operation results to false, I assume because it's not accepting the playerID from selpid or $correctPlayer?
It definitely works with the testing user where the playerID is inserted directly into the query. But I can't think of a way to do that since I need to match the playerID from table "characters" where the search is done against their first and last name and then pull the rapsheet data against the same playerID in table "character_data_store".
How do I use a variable in the WHERE condition of a MySQL query using a php variable?
You have obvious error in your code. You are missing quotes in {$_SESSION['selpid']} and you are using quotes in column name. Your query should be
$usersql = "SELECT * FROM character_data_store WHERE character_data_store.`key` = 'RapSheet' AND character_data_store.character_id = '{$_SESSION['selpid']}'";
You should not use quotes in column name, instead use backquotes(`) if you really need. I recommend prepared statements.
There are multiple ways to do this. A naive way to do this would be-
$usersql = "SELECT * FROM character_data_store WHERE character_data_store.'key' = 'RapSheet' AND character_data_store.character_id = ".$correctPlayer;
But to avoid sql injections I would recommend you use bindparam function to bind paramaters in a statement.
$sql="SELECT * FROM character_data_store WHERE character_data_store.'key' = 'RapSheet' AND character_data_store.character_id = ?";
if($stmt = $dbh->prepare($sql)){
$stmt->bindParam(1, $correctPlayer, PDO::PARAM_STR);
$ql = $stmt->execute() or die("ERROR: " . implode(":", $dbh->errorInfo()));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$result['data'] = $row;
This question already has an answer here:
PHP not displaying result from MYSQL query
(1 answer)
Closed 6 years ago.
I have the following code
# connect to sql server
$sql = new PDO('mysql:dbname=random;host=localhost', 'root', '');
# perform the query
$query = 'SET #uid := (SELECT Channel_Location FROM channels WHERE Used = 0 ORDER BY RAND() LIMIT 1);'.PHP_EOL
.'UPDATE channels SET Used = 1 WHERE Channel_Location = #uid;'.PHP_EOL
.'SELECT * FROM channels WHERE Channel_Location = #uid';
$result = $sql->query($query);
$row = $result->fetch();
$id = $row['Channel_Location'];
var_dump($row);
Now the query works its tested returns what i need it to but when i var_dump($row) i get Boolean false and when i var_dump($id) i get null as the errors, now the database has plenty of entries it can select from but nothing passes through to PHP yet if i run the query in my client i get a return value.
can anyone guide me to a possible solution?
You can't run multiple queries in one using PDO, try running one query at time and check to see what happens
I am having some difficulty running some SQL code.
What I am trying to do is, find a row that contains the correct username, and then get a value from that correct row.
This is my SQL in the php:
mysql_query("SELECT * FROM users WHERE joined='$username' GET name")
As you can see, it looks for a username in users and then once found, it must GET a value from the correct row.
How do I do that?
You need some additional PHP code (a call to mysql_fetch_array) to process the result resource returned by MySQL.
$result = mysql_query("SELECT name FROM users WHERE joined='$username'");
$row = mysql_fetch_array($result);
echo $row['name'];
mysql_query("SELECT `name` FROM users WHERE joined='$username' ")
Just select the right column in your 'select clause' like above.
Edit: If you are just starting out though, you might want to follow a tutorial like this one which should take you through a nice step by step (and more importantly up to date functions) that will get you started.
mysql_query("SELECT name FROM users WHERE joined='$username'")
$q = mysql_query("SELECT * FROM users WHERE joined='$username'");
$r = mysql_fetch_array($q);
$name = $r['user_name']; // replace user_name with the column name of your table
mysql_query("SELECT name FROM users WHERE joined='$username' ")
Read documentation : http://dev.mysql.com/doc/refman/5.0/en/select.html
This question already has answers here:
How to include a PHP variable inside a MySQL statement
(5 answers)
Correct way to use LIKE '%{$var}%' with prepared statements?
(1 answer)
Closed 1 year ago.
I am trying to find the number of rows that match a specific pattern. In this example, all that START with "123":
This is working:
$query = mysql_query("SELECT * FROM table WHERE the_number LIKE '123%'");
$count = mysql_num_rows($query);
The problem is the LIKE will vary, so I'm trying to define it in the script, then execute the query, but this is NOT working:
$prefix = "123";
$query = mysql_query("SELECT * FROM table WHERE the_number LIKE $prefix.'%'");
$count = mysql_num_rows($query);
How can I get this query to work properly in the second example?
EDIT: I've also tried it without the period (also not working):
$query = mysql_query("SELECT * FROM table WHERE the_number LIKE $prefix'%'");
You have the syntax wrong; there is no need to place a period inside a double-quoted string. Instead, it should be more like
$query = mysql_query("SELECT * FROM table WHERE the_number LIKE '$prefix%'");
You can confirm this by printing out the string to see that it turns out identical to the first case.
Of course it's not a good idea to simply inject variables into the query string like this because of the danger of SQL injection. At the very least you should manually escape the contents of the variable with mysql_real_escape_string, which would make it look perhaps like this:
$sql = sprintf("SELECT * FROM table WHERE the_number LIKE '%s%%'",
mysql_real_escape_string($prefix));
$query = mysql_query($sql);
Note that inside the first argument of sprintf the percent sign needs to be doubled to end up appearing once in the result.
DO it like
$query = mysql_query("SELECT * FROM table WHERE the_number LIKE '$yourPHPVAR%'");
Do not forget the % at the end
This question already has answers here:
How can I write SQL for a table that shares the same name as a protected keyword in MySql? [duplicate]
(3 answers)
Closed 9 years ago.
I get a error message saying:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'key='12345' AND id='98765' LIMIT 1' at line 1
My code is:
$key = '12345';
$id = '98765';
include realpath('./inc/config.php');
$query = mysql_query("SELECT * FROM users WHERE key='{$key}' AND id='{$id}' LIMIT 1", $config) or die(mysql_error());
$result = mysql_fetch_assoc($query);
Now can anyone tell me whats wrong in this?
key is a reserved word, you need to properly quote it with backticks if you want to use it as a field name.
SELECT * FROM users WHERE `key`='{$key}' AND id='{$id}' LIMIT 1
SELECT * FROM users WHERE `key`='{$key}' AND id='{$id}' LIMIT 1
key is a reserved word
Your key and id are obviously numeric. Although adding quotes wouldn't hurt, you definitely don't need them. You edon't need brackets in any query period.
Try this:
$query = mysql_query("SELECT * FROM users WHERE key=$key AND id=$id LIMIT 1", $config) or die(mysql_error());
$result = mysql_fetch_assoc($query);
If that doesn't work just run this using PHPMyAdmin or whatever you use to run queries on your db.
SELECT * FROM users WHERE key=12345 AND id=98765
I also don't see why you would need LIMIT clause. It wouldn't break anything but if your id is actually row id it should give you a unique record.